A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.
References
Configurations
No configuration.
History
18 Apr 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
31 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Mar 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-28 19:15
Updated : 2024-04-18 02:15
NVD link : CVE-2024-2947
Mitre link : CVE-2024-2947
CVE.ORG link : CVE-2024-2947
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')